CAC enacts security assessment method to guarantee safe use of cloud computing
China published a security assessment method for cloud computing services on Monday, which will help reduce network security risks pertaining to buying a cloud computing service, experts say.
The assessment regime is designed to enhance information operators’ confidence in migrating business and data to cloud service platforms by improving security control of cloud service providers, according to the Cyberspace Administration of China (CAC).
Potential network security problems such as unsafe interfaces, data loss or leakage, account or service hijacking, will be effectively monitored, said the CAC.
“Cloud computing allows users to significantly reduce infrastructure costs and have access to IT resources and services of high quality - this is why the government vows to promote the use of cloud computing,” said a statement from CAC.
The new assessment method will take effect from September 1 and assessments will be valid for three years for cloud computing service providers who pass the security check, according to the notice on the website of the CAC published on Monday.
Cloud computing service providers who apply to serve government organizations and key information infrastructures will be assessed by the CAC, the National Development and Reform Commission, the Ministry of Industry and Information Technology and the Ministry of Finance.
Different cloud platforms operated by the same cloud service provider need to apply for security assessments.
In the process of evaluation, all assessors will assume the obligation of confidentiality for non-public materials submitted by cloud service providers and the non-public information obtained during the process in order to protect business secrets and intellectual property rights.
The CAC announced the first batch of cloud computing services that passed the network security review on September 20, 2016. Three cloud platforms have passed the review then, including Aliyun which was developed by Alibaba Cloud Corp.